ETSITS183 033vi.i.3 



(2007-04) 



Technical Specification 

Telecommunications and internet converged Services and 
Protocols for Advanced Networking (TISPAN); 

IP Multimedia; 

Diameter based protocol for the interfaces between the 

Call Session Control Function and the User Profile Server 

Function/Subscription Locator Function; 
Signalling flows and protocol details 

[3GPP TS 29.228 V6.8.0 and 3GPP TS 29.229 V6.6.0, modified] 




ETSI TS 183 033 V1 .1 .3 (2007-04) 



Reference 



RTS/TISPAN-03095-NGN-R1 
Keywords 



architecture, endorsement, interface, signalling 



ETSI 

650 Route des Lucioles 
F-06921 Sophia Antipolis Cedex - FRANCE 

Tel. : +33 4 92 94 42 00 Fax: +33 4 93 65 47 1 6 

Siret N ° 348 623 562 0001 7 - NAF 742 C 
Association a but non lucratif enregistree a la 
Sous-Prefecture de Grasse (06) N° 7803/88 



Important notice 



Individual copies of the present document can be downloaded from: 
http://www.etsi.org 

The present document may be made available in more than one electronic version or in print. In any case of existing or 

perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). 

In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive 

within ETSI Secretariat. 

Users of the present document should be aware that the document may be subject to revision or change of status. 

Information on the current status of this and other ETSI documents is available at 

http://portal.etsi.org/tb/status/status.asp 

If you find errors in the present document, please send your comment to one of the following services: 

http://portal.etsi.org/chaircor/ETSI support.asp 

Copyright Notification 

No part may be reproduced except as authorized by written permission. 
The copyright and the foregoing restriction extend to reproduction in all media. 

© European Telecommunications Standards Institute 2007. 
All rights reserved. 

DECT™, PLUGTESTS™ and UMTS™ are Trade Marks of ETSI registered for the benefit of its Members. 
TIPHON™ and the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members. 
3GPP™ is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. 



ETSI 



ETSI TS 183 033 V1 .1 .3 (2007-04) 



Contents 



Intellectual Property Rights 4 

Foreword 4 

1 Scope 5 

2 References 5 

3 Abbreviations 5 

Endorsement notice 6 

Global modifications to 3GPP TS 29.228 6 

Global modifications to 3GPP TS 29.229 11 

Annex ZA (informative): x additional support for HTTP Digest authentication 15 

ZA. 1 Information elements and signalling flows for HTTP Digest authentication 15 

ZA.2 Diameter protocol extensions supporting HTTP Digest authentication 16 

ZA.3 Additional Cx feature in support of HTTP Digest authentication 18 

History 19 



ETSI 



ETSI TS 183 033 V1 .1 .3 (2007-04) 



Intellectual Property Rights 



IPRs essential or potentially essential to the present document may have been declared to ETSI. The information 
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found 
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in 
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web 
server ( http://webapp.etsi.org/IPR/home.asp ). 

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee 
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web 
server) which are, or may be, or may become, essential to the present document. 
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This Technical Specification (TS) has been produced by ETSI Technical Committee Telecommunications and Internet 
converged Services and Protocols for Advanced Networking (TISPAN). 
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Scope 



The present document provides the ETSI TISPAN endorsement of the 3GPP TS 29.228 [1] " Cx and Dx interfaces; 
Signalling flows and messages contents (Release 6)" and the 3GPP TS 29.229 [2] "IP Multimedia (IM) Subsystem Cx 
and Dx interfaces based on the DIAMETER protocol; Protocol details (Release 6)". 

The present document provides the necessary adaptations to the above specifications, in order comply with the 
requirements of NGN Release 1 . 

Additionally, the present document provides the necessary protocol extensions needed in support of HTTP Digest 
authentication (see annex A). 



References 



The following documents contain provisions which, through reference in this text, constitute provisions of the present 
document. 

• References are either specific (identified by date of publication and/or edition number or version number) or 
non-specific. 

• For a specific reference, subsequent revisions do not apply. 

• For a non-specific reference, the latest version applies. 

Referenced documents which are not found to be publicly available in the expected location might be found at 
http://docbox.etsi.org/Reference . 

NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee 
their long term validity. 

[1] 3GPP TS 29.228 (V6.8.0): "3rd Generation Partnership Project; Technical Specification Group 

Core Network and Terminals; IP Multimedia (IM) Subsystem Cx and Dx interfaces; Signalling 
flows and message contents (Release 6)". 

[2] 3GPP TS 29.229 (V6.6.0): "3rd Generation Partnership Project; Technical Specification Group 

Core Network and Terminals; Cx and Dx interfaces based on the Diameter protocol; Protocol 
details (Release 6)". 

[3] draft-ietf-aaa-diameter-sip-app-10: "Diameter Session Initiation Protocol (SIP) Application". 

[4] IETF RFC 2617: "HTTP Authentication: Basic and Digest Access Authentication". 

[5] IETF RFC 3588: "Diameter Base Protocol". 



3 Abbreviations 

For the purposes of the present document, the following abbreviations apply: 

AVP Attribute-Value Pair 

CSCF Call Session Control Function 

ETSI European Telecommunications Standards Institute 

HTTP Hyper Text Transfer Protocol 

IETF Internet Engineering Task Force 

RFC Request For Comments 

S-CSCF Serving-CSCF 

SIP Session Initiation Protocol 

UPSF User Profile Server Function 
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Endorsement notice 

The elements of 3GPP TS 29.228 [1] and 3GPP TS 29.229 [2] apply, with the following modifications. 
NOTE: Underlining and/or strike-out are used to highlight detailed modifications where necessary. 

Global modifications to 3GPP TS 29.228 

Replace the clauses "Scope", "References" and "Definitions, symbols and abbreviations" with the following three 
clauses (Scope, References and Definitions, symbols and abbreviations). 

1 Scope 

The scope is endorsed with the replacement of the "HSS" by the "UPSF". 

2 References 

Replace the references in [1] as shown in table 1. 

Table 1 : Replacement of references in 3GPP TS 29.228 





Reference in 3GPP TS 29.228 


Replaced references 


1 


3GPP TS 23.228: "IP Multimedia (IM) Subsystem - Stage 2 
(Release 5)". 


ETSI TS 182 006: "Telecommunications and Internet 
converged Services and Protocols for Advanced 
Networking (TISPAN); IP Multimedia Subsystem 
(IMS); Stage 2 description [3GPP TS 23.228 v7.2.0, 
modified]" (note 1). 


2 


3GPP TS 24.228: "Signalling flows for the IP multimedia call 
control based on SIP and SDP". 


(note 2). 


3 


3GPP TS 33.203: "Access security for IP-based services". 


(note 2). 


4 


3GPP TS 23.002 "Network architecture". 


ETSI ES 282 001 : "Telecommunications and Internet 
converged Services and Protocols for Advanced 
Networking (TISPAN); NGN Functional Architecture 
Release 1" (note 1). 


5 


3GPP TS 29.229 [2]: "Cx Interface based on Diameter - 
Protocol details". 


The present document (note 1). 


8 


3GPP TS 24.229: "IP Multimedia Call Control Protocol 
based on SIP and SDP" - stage 3. 


ETSI ES 283 003: "Telecommunications and Internet 
converged Services and Protocols for Advanced 
Networking (TISPAN); IP Multimedia Call Control 
Protocol based on Session Initiation Protocol (SIP) 
and Session Description Protocol (SDP) Stage 3 
[3GPP TS 24.229 (Release 7), modified]" (note 1). 


10 


3GPP TS 23.141 : "Presence Service; Architecture and 
Functional Description". 


ETSI TS 182 008: "Telecommunications and Internet 
converged Services and Protocols for Advanced 
Networking (TISPAN); Presence Service; Architecture 
and functional description [Endorsement of 3GPP 
TS 23.141 and OMA-AD-Presence SIMPLE-V1 0]" 
(note 1). 


NOTE 1 : The reference in [1] is replaced by the document listed on the right column. This replacement is applicable to 

all occurrences of the reference throughout the present document. 
NOTE 2: The reference in [1] contains 3GPP specific requirements and is not generally applicable to the present 

document. 



3 Definitions, symbols and abbreviations 
Endorsed with changes. 

3.1 Definitions 

Endorsed with the replacement of the "HSS" by the "UPSF". 
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3.2 Abbreviations 
Replace: 

HSS Home Subscriber Server 

By: 

UPSF User Profile Server Function 

Add the following abbreviation: 

NASS Network Attachment Subsystem 

NOTE: Throughout the present document, all occurrences of "HSS" are replaced by "UPSF". 

Throughout the text of 3GPP TS 29.228 [1] 

4.0 Main concept 
Endorsed. 

5 General Architecture 
Endorsed. 

6 Procedure Descriptions 
Endorsed with changes. 

6.3 Authentication procedures 

Endorsed with changes. 

Modify as follows: 

This procedure is used between the S-CSCF and the HSS to exchange information to support the authentication between 
the end user and the home IMS network. The procedure is invoked by the S-CSCF, corresponds to the combination of 
the operations Cx-AV-Req and Cx-AV-Req-Resp (see 3GPP TS 33.203 [3]) and is used: 

To retrieve authentication vectors from the HSS for IMS-AKA authentication. 

To resolve synchronization failures between the sequence numbers in the UE and the HSS for IMS-AKA 
authentication. 

To promote the result of the NASS-level authentication to the IMS level. 

Table 6.3.1 is endorsed with the following addition: 

When the S-CSCF performs the operation Cx-AV-Req, if it may not know the authentication scheme at this point 
(e.g. in the non IMS-AKA cases), it can set SIP-Number-Auth-Items to any positive value. 

Table 6.3.2 is endorsed with the following change: 

When the S-CSCF performs the operation Cx-AV-Req, if it may not know the authentication scheme at this point 
(e.g. in the non IMS-AKA case), it should set the SIP-Authentication-scheme field to "unknown". Later the HSS 
changes this value based on the actual authentication scheme stored in the user authentication data. 

Table 6.3.3 is endorsed with the following clarification: 

Table 6.3.3 is applicable to IMS-AKA only. 
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Table 6.3.4 is modified as follows: 



Table 6.3.4: Authentication Request Response 



Information 
element name 


Mapping to 
Diameter AVP 


Cat. 


Description 


User Identity 
(See 7.2) 


Public-Identity 


C 


Public User Identity. It shall be present when the result is 
DIAMETER_SUCCESS. 


Private User 

Identity 

(See 7.3) 


User-Name 


c 


Private User Identity. It shall be present when the result is 
DIAMETER_SUCCESS. 


Number 

Authentication 

Items 

(See 7.10) 


SIP-Number- 
Auth-ltems 


c 


This AVP indicates the number of authentication vectors delivered in the 
Authentication Data information element. It shall be present when the result 
is DIAMETER_SUCCESS. 


Authentication 

Data 

(See 7.9) 


SIP-Auth-Data- 
Item 


c 


If the SIP-Number-Auth-ltems AVP is equal to zero or it is not present, then 

this AVP shall not be present. 

See table 6.3.5 and table 6.3.A for the contents of this information element. 


Result 
(See 7.6) 


Result-Code / 
Experimental- 
Result 


M 


Result of the operation. 

Result-Code AVP shall be used for errors defined in the Diameter Base 

Protocol. 

Experimental-Result AVP shall be used for Cx/Dx errors. This is a grouped 

AVP which contains the 3GPP Vendor ID in the Vendor-Id AVP, and the 

error code in the Experimental-Result-Code AVP. 



Table 6.3.5 is endorsed with the following clarification: 
Table 6.3.5 is applicable to IMS-AKA only. 
Add the following table: 

Table 6.3.A: Authentication Data content - Response for NASS-Bundled Authentication 



Information 
element name 


Mapping to 
Diameter AVP 


Cat. 


Description 


Authentication 

Scheme 

(See 7.9.2) 


SIP- 

Authentication- 

Scheme 


M 


Authentication scheme. It shall contain "NASS-Bundled". 


Line Identifier 
(See 7.9.8) 


Line- Identifier 


M 


This information element contains a fixed broadband access line identifier 
associated to the user. This information element can be repeated. 



6.3.1 Detailed behaviour 

Clause 6.3.1 is endorsed with the following clarifications: 

between step 2 and step 3. the HSS checks the user authentication data for the authentication scheme stored in 
HSS, 

step 4 is only applicable to authentication schemes that support synchronization. 

7 Information Element Contents 
Endorsed with changes. 
Modify clause 7.9.2 as follows: 

7.9.2 Authentication Scheme 

This information element contains the authentication scheme, which is used to encode the authentication parameters. 
The scheme is "Digest AKAvl MD5". 
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Add the following clause: 

7.9.8 Line Identifier 

This information element contains the line identifier of the user's network termination. 

8 Error Handling procedures 
Endorsed. 

9 Protocol version identification 
Endorsed. 

10 Operational aspects 
Endorsed. 

Annex A (normative) 
Endorsed with changes. 

A.3 Cx message parameters to Diameter AVP mapping 
Table A.3.1 is endorsed with the following addition: 

Table A.3.1 : Cx message parameters to Diameter AVP mapping 



Cx parameter 


AVP Name 






Line Identifier 


Line-Identifier 



A.4 Message flows 
Endorsed with changes. 

A.4.1 Registration - user not registered 
Endorsed with the following changes: 
Figure A.4.1. 1 is applicable to 1MS-AKA. 
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Add the following figure: 

Visited Network 



Home Network 



UE 



P-CSCF 



CLF 



l-CSCF 



NASS Authentication & Network 
Attachment 



1 . Register 



Security Association required? 



14. OK 



2. CLF Query 



(IP address) 
3. CLF Response 



(Location Info) 
4. Register 



(P-Access Network-info = dsl- 
location) 



UPSF 



S-CSCF 



5. UAR 



6. UAA 



S-CSCF selection 



13. OK 



7. Register 



(P-Access Network-info = dsl- 

location) n ,,._ 

' 8. MAR 



User profile 
check 



9. MAA 
(Line-ldentitieT( 



s)) 



Compare Line- 
Identifier (s) 



10. SAR 



1 1 . SAA 



12. OK 



Figure A.4.1.1 A: Registration - user not registered (NASS-Bundled authentication) 



Annex E (normative) 
Endorsed. 

Annex F (normative) 
Endorsed. 
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Global modifications to 3GPP TS 29.229 

Replace the clauses "Scope", "References" and "Definitions, symbols and abbreviations" with the following three 
clauses (Scope, References, and Definitions, symbols and abbreviations). 

1 Scope 

The scope is endorsed with the replacement of the "HSS" by the "UPSF". 

2 References 

Replace the references in [2] as shown in table 2 

Table 2: Replacement of references in 3GPP TS 29.229 





Reference in 3GPP TS 29.229 


Replaced references 


[1] 


3GPP TS 29.228 [1] "IP Multimedia (IM) Subsystem Cx and 
Dx interface; signalling flows and message contents". 


The present document (note 1). 


[11] 


3GPP TS 29.329 "Sh Interface based on the Diameter 
protocol; protocol details". 


ETSI TS 183 037: "Endorsement of the Sh Interface 
based on the Diameter protocol; Protocol details 
(Release 6), NGN Release 1" (note 1). 


NOTE 1 : The reference in [2] is replaced by the document listed on the right column. This replacement is applicable to 

all occurrences of the reference throughout the present document. 
NOTE 2: The reference in [2] contains 3GPP specific requirements and is not generally applicable to the present 

document. 



3 Definitions, symbols and abbreviations 
Endorsed with changes. 

3.1 Definitions 

Endorsed with the replacement of the "HSS" by the "UPSF". 

3.2 Abbreviations 
Replace: 

HSS Home Subscriber Server 

By: 

UPSF User Profile Server Function 

Add the following abbreviation: 

NASS Network Attachment Subsystem 

NOTE: Throughout the present document, all occurrences of "HSS" are replaced by "UPSF". 

Throughout the text of 3GPP TS 29.229 [2\ 

4 General 
Endorsed. 

5 User of the Diameter Base Protocol 
Endorsed with changes. 
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5.6 Advertising Application Support 

Endorsed with the following changes: 

The HSS, S-CSCF and I-CSCF shall advertise support of the Diameter Multimedia Application by including the value 
of the application identifier (see clause 6) in the Auth- Application-Id AVP within the Vendor-Specific-Application-Id 
grouped AVP of the Capabilities-Exchange-Request and Capabilities-Exchange-Answer commands. 

The vendor identifier values of 3GPP (10415) and ETSI (13019) shall be included in the Supported- Vendor-Id AVP of 
the Capabilities-Exchange-Request and Capabilities-Exchange- Answer commands, and in the Vendor-Id AVP within 
the Vendor-Specific-Application-Id grouped AVP of the Capabilities-Exchange-Request and Capabilities-Exchange- 
Answer commands. 

NOTE: The Vendor-Id AVP included in Capabilities-Exchange-Request and Capabilities-Exchange-Answer 
commands that is not included in the Vendor-Specific-Application-Id AVPs as described above shall 
indicate the manufacturer of the Diameter node as per RFC 3588 [6]. 

6 Diameter application for Cx interface 
Endorsed with changes. 

6.1 Command-Code values 
Endorsed. 

6.2 Result-Code AVP values 
Endorsed. 

6.3 AVPs 

Endorsed with the following changes: 

Add the following text at the end of the paragraph before table 6.3.1: 
The Line-Identifier AVP has a Vendor-Id header set to ETSI (13019). 
Table 6.3.1 is endorsed with the following addition: 

Table 6.3.1 : Diameter Multimedia Application AVPs 











AVP Flag rules 




Attribute Name 


AVP 
Code 


Section 
defined 


Value Type 


Must 


May 


Should 
not 


Must 
not 


May encr. 




















Line- Identifier 


500 


6.3.34 


OctetStrinq 


V 






M 


No 


NOTE 1 : The AVP header bit denoted as "M", indicates whether support of the AVP is required. The AVP header 
bit denoted as "V", indicates whether the optional Vendor-ID field is present in the AVP header. For 
further details, see IETF RFC 3588 [6]. 

NOTE 2: Depending on the concrete command. 
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6.3.13 SIP-Auth-Data-ltem AVP 
Endorsed with the following change: 

SIP-Auth-Data-ltem :: = < AVP Header : 612 10415 > 

[ SIP-Item-Number ] 

[ SIP-Authentication-Scheme ] 

[ SIP-Authenticate ] 

[ SIP-Authorization ] 

[ SIP-Authentication-Context ] 

[Confidentiality-Key] 

[Integrity-Key] 

* [Line-Identi fieri 

* [AVP] 
Add the following clause: 

6.3.34 Line-Identifier AVP 

The Line-Identifier AVP is of type OctetString. This AVP contains a fixed broadband access line identifier associated 
to the user. 

6.4 Use of namespaces 
Endorsed. 

7 Special Requirements 

7.1 Version Control 
Endorsed with changes. 
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7.1.1 Defining a new feature 

Endorsed with the following change: 

Table 7.1.1 is endorsed with the following addition: 



Table 7.1.1 : Features of Feature-List-ID 1 used in Cx 



Feature 
bit 


Feature 


M/O 


Description 










Tbd 


NASS BUND 
LED 





NGN extensions for NASS Bundled authentication. 
This feature is applicable for anv command pair affected bv NGN 


extensions for NASS Bundled authentication. 
When the S-CSCF and the UPSF support this feature, both nodes are 


able to handle Cx messaqes with the extensions and/or modifications 


for NASS Bundled authentication. 


Tbd 


HTTP DIGES 

T MD5 





NGN extensions for HTTP Diqest authentication. 


Feature bit: The order number of the bit within the Supported-Features AVP, e.g. '1'. 
Feature: A short name that can be used to refer to the bit and to the feature, e.g. 'MOM'. 
M/O: Defines if the implementation of the feature is mandatory (M) or optional ('0'). 
Description: A clear textual description of the feature. 



7.2 Supported features 
Endorsed. 

7.3 Interface versions 
Endorsed. 
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Annex ZA (informative): 

x additional support for HTTP Digest authentication 

This annex provides the additional Cx capabilities needed for supporting HTTP Digest authentication over the Cx 
interface. 

ZA.1 Information elements and signalling flows for HTTP 
Digest authentication 

The authentication procedure is mapped to the commands Multimedia- Auth-Request/ Answer in the Diameter 
application. 

Tables 6.3.1 to 6.3.5 of 3GPP TS 29 228 [1] are applicable with the following exceptions: 

Table 6.3. 1 is applicable with the clarification that table ZA. 1 . 1 provides a description of the contents of the 
Authentication Data information element. 

Tables 6.3.2 and 6.3.3 are not applicable. 

Table 6.3.4 is applicable with the clarification that table ZA. 1 .2 provides a description of the contents of the 
Authentication Data information element. 

Table 6.3.5 is not applicable. 

The following tables are added: 

Table ZA.1 .1 : Authentication Data content - Request 



Information 
element name 


Mapping to 

Diameter 

AVP 


Cat. 


Description 


Authentication 

Scheme 

(See clause 7.9.2 

of [1]) 


SIP- 

Authenticatio 
n-Scheme 


M 


This information element indicates the authentication scheme. It shall 
contain 'unknown'. 


ETSI- 

Authorization 

Information (See 

clause A.2) 


ETSI-SIP- 

Authorization 

(note) 


C 


This information element shall be present under the conditions specified in 
draft-ietf-aaa-diameter-sip-app-10. See clause A.2. 


NOTE: An "ETSI-" prefix is added to the ETSI vendor-specific AVP which have an equivalent AVP being defined in 
draft-ietf-aaa-diameter-sip-app-1. 
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Table ZA.1.2: Authentication Data content - Response for HTTP Digest Authentication 



Information 
element name 


Mapping to 

Diameter 

AVP 


Cat. 


Description 


Authentication 

Scheme 

(See clause 7.9.2 of 

[1]) 


SIP- 

Authentication 

-Scheme 


M 


This information element indicates the authentication scheme. It shall 
contain 'HTTP_DIGEST_MD5'. 


ETSI Authentication 

Information 

(See clause A.2) 


ETSI-SIP- 

Authenticate 

(note 1) 


M 


See clause A.2. 


ETSI-Authentication 
Info Information 
(See clause A.2) 


ETSI-SIP- 

Authentication 

-Info 

(note 1) 


O 


See clause A.2. 


NOTE 1 : An "ETSI-" prefix is added to the ETSI vendor-specific AVP which have an equivalent AVP being defined 

in draft-ietf-aaa-diameter-sip-app-1 0. 
NOTE 2: HTTP Digest authentication requires the generation of a nonce in either the UPSF or the S-CSCF. In this 

version of the specification the UPSF shall generate nonces and the S-CSCF shall not generate nonces, 

as part of the HTTP Digest authentication process. 



ZA.2 Diameter protocol extensions supporting HTTP 
Digest authentication 

The following table describes the Diameter AVPs defined for the Cx interface protocol in support of HTTP Digest, their 
AVP Code values, types, possible flag values and whether or not the AVP may be encrypted. The Vendor-Id header of 
all AVPs defined in the present document shall be set to ETSI (13019). 

Table ZA.2.1 : Diameter Multimedia Application AVPs for HTTP Digest 











AVP Flag rules 




Attribute Name 


AVP 
Code 


Section 
defined 


Value Type 


Must 


May 


Should 
not 


Must 
not 


May Encr. 


ETSI-SIP-Authenticate 


501 


- 


Grouped 


V 






M 


No 


ETSI-SIP-Authorization 


502 


- 


Grouped 


V 






M 


No 


ETSI-SIP-Authentication-lnfo 


503 


- 


Grouped 


V 






M 


No 


ETSI-Digest-Realm 


504 


- 


UTF8String 


V 






M 


No 


ETSI-Digest-Nonce 


505 


- 


UTF8String 


V 






M 


No 


ETSI-Digest-Domain 


506 


- 


UTF8String 


V 






M 


No 


ETSI-Digest-Opaque 


507 


- 


UTF8String 


V 






M 


No 


ETSI-Digest-Stale 


508 


- 


UTF8String 


V 






M 


No 


ETSI-Digest-Algorithm 


509 


- 


UTF8String 


V 






M 


No 


ETSI-Digest-QoP 


510 


- 


UTF8String 


V 






M 


No 


ETSI-Digest-HA1 


511 


- 


UTF8String 


V 






M 


No 


ETSI-Digest-Auth-Param 


512 


- 


UTF8String 


V 






M 


No 


ETSI-Digest-Username 


513 


- 


UTF8String 


V 






M 


No 


ETSI-Digest-URI 


514 


- 


UTF8String 


V 






M 


No 


ETSI-Digest-Response 


515 


- 


UTF8String 


V 






M 


No 


ETSI-Digest-CNonce 


516 


- 


UTF8String 


V 






M 


No 


ETSI-Digest-Nonce-Count 


517 


- 


UTF8String 


V 






M 


No 


ETSI-Digest-Method 


518 


- 


UTF8String 


V 






M 


No 


ETSI-Digest-Entity-Body-Hash 


519 


- 


UTF8String 


V 






M 


No 


ETSI-Digest-Nextnonce 


520 


- 


UTF8String 


V 






M 


No 


ETSI-Digest-Response-Auth 


521 


- 


UTF8String 


V 






M 


No 


NOTE 1 : The AVP header bit denoted as "M", indicates whether support of the AVP is required. The AVP header 
bit denoted as "V", indicates whether the optional Vendor-ID field is present in the AVP header. For 
further details, see IETF RFC 3588 [5]. 

NOTE 2: Depending on the concrete command. 
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The SIP-Auth-Data-Item AVP is modified compared to 3GPP TS 29.229 [ 2 1 as follows: 

The SIP-Auth-Data-Item is of type Grouped, and contains the authentication and/or authorization information for the 
Diameter client. 

AVP format 

SIP-Auth-Data-Item :: = < AVP Header : 612 10415 > 

[ SIP-Item-Number ] 

[ SIP-Authentication-Scheme ] 

[ SIP-Authenticate ] 

[ SIP-Authorization ] 

[ SIP-Authentication-Context ] 

[Confidentiality-Key] 

[Integrity-Key] 

[ ETSI-SIP-Authorization 1 

[ ETSI-SIP-Authenticate 1 



ETSI-SIP-Authentication-Info 



*[AVP] 

Add the following AVP syntax: 

The ETSI-SIP-Authenticate is of type Grouped, and contains a reconstruction of either the SIP WWW- Authenticate or 
Proxy- Authentication header fields specified in RFC 2617 [4]. Additionally, the AVP may include a Digest-HAl AVP 
that contains H(A1) (as defined in RFC 2617 [4]). 

AVP format 

ETSI-SIP-Authenticate ::= < AVP Header : 501 13019 > 

{ ETSI-Digest-Realm } 

{ ETSI-Digest-Nonce } 

[ ETSI-Digest-Domain ] 

[ ETSI-Digest-Opaque ] 

[ ETSI-Digest-Stale ] 

[ ETSI-Digest-Algorithm ] 

[ ETSI-Digest-QoP ] 

[ETSI-Digest-HAl] 

*[ ETSI-Digest-Auth-Param ] 

*[ AVP ] 

The ETSI-SIP-Authorization is of type Grouped, and contains a reconstruction of either the SIP Authorization or 
Proxy- Authorization header fields specified in RFC 2617 [4]. 
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AVP format 

ETSI-SIP-Authorization :: = < AVP Header : 502 13019 > 

{ ETSI-Digest-Username } 

{ ETSI-Digest-Realm } 

{ ETSI-Digest-Nonce } 

{ ETSI-Digest-URI } 

{ ETSI-Digest-Response } 

[ ETSI-Digest-Algorithm ] 

[ ETSI-Digest-CNonce ] 

[ ETSI-Digest-Opaque ] 

[ ETSI-Digest-QoP ] 

[ ETSI-Digest-Nonce-Count ] 

[ ETSI-Digest-Method ] 

[ ETSI-Digest-Entity-Body-Hash ] 

*[ ETSI-Digest-Auth-Param ] 

* [AVP] 

The ETSI-SIP -Authentication-Info AVP is of type Grouped and contains a reconstruction of the SIP 
Authentication-Info header specified in RFC 2617 [4]. 

AVP format 

ETSI-SIP-Authentication-Info ::= < AVP Header: 503 13019 > 

{ ETSI-Digest-Nextnonce } 

[ ETSI-Digest-QoP ] 

[ ETSI-Digest-Response-Auth ] 

[ ETSI-Digest-CNonce ] 

[ ETSI-Digest-Nonce-Count ] 

*[ AVP ] 

ZA.3 Additional Cx feature in support of HTTP Digest 
authentication 

This feature is applicable for any command pair affected by NGN extensions for HTTP Digest authentication. 

When the S-CSCF and the UPSF support this feature, both nodes are able to handle Cx messages with the extensions 
and/or modifications for HTTP Digest authentication. 

See table 7.1.1 in the present endorsement of 3GPP TS 29.229 [2]. 
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